authorWerner Koch <wk@gnupg.org>2003-12-01 11:54:09 +0100
committerWerner Koch <wk@gnupg.org>2003-12-01 11:54:09 +0100
commit7134af9fdb194ae8291775fed78cd1a82eaaa41b (patch)
tree35754ee22cdad633b430f3e2aa89f7a1d9222158 /scd
parent(Certificate Options): Add --{enable,disable}-ocsp. (diff)
* scdaemon.c, scdaemon.h: New options --allow-admin and --deny-admin.
* app-openpgp.c (verify_chv3): Check it here.
Diffstat (limited to 'scd')
-rw-r--r--scd/ChangeLog5
-rw-r--r--scd/app-openpgp.c6
-rw-r--r--scd/scdaemon.c9
-rw-r--r--scd/scdaemon.h2
4 files changed, 20 insertions, 2 deletions
diff --git a/scd/ChangeLog b/scd/ChangeLog
index cccd3b669..873691f63 100644
--- a/scd/ChangeLog
+++ b/scd/ChangeLog
@@ -1,3 +1,8 @@
+2003-11-17 Werner Koch <wk@gnupg.org>
+
+ * scdaemon.c, scdaemon.h: New options --allow-admin and --deny-admin.
+ * app-openpgp.c (verify_chv3): Check it here.
+
2003-11-12 Werner Koch <wk@gnupg.org>
Adjusted for API changes in Libksba.
diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index 07abf9bfb..6b4a2f7ef 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -569,6 +569,12 @@ verify_chv3 (APP app,
{
int rc = 0;
+ if (!opt.allow_admin)
+ {
+ log_info ("access to admin commands is not configured\n");
+ return gpg_error (GPG_ERR_EACCES);
+ }
+
if (!app->did_chv3)
{
char *pinvalue;
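Review bot: The new `opt.allow_admin` gate in verify_chv3 only covers operations that reach CHV3 verification through this function. Whether every admin-level card command does so is not visible in this hunk, so it is worth confirming that no other path verifies or reuses CHV3. Placing the test ahead of `if (!app->did_chv3)` is the right order, because an already cached verification then cannot satisfy a request while admin access is off. A short comment would protect that ordering, e.g. `/* Checked before did_chv3 so a cached admin PIN verification never bypasses the option. */`. The body of verify_chv3 continues past the end of the hunk.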
diff --git a/scd/scdaemon.c b/scd/scdaemon.c
index 89be04ab5..a3100988b 100644
--- a/scd/scdaemon.c
+++ b/scd/scdaemon.c
@@ -73,6 +73,8 @@ enum cmd_and_opt_values
opcscDriver,
oDisableCCID,
oDisableOpenSC,
+ oAllowAdmin,
+ oDenyAdmin,
aTest };
@@ -112,8 +114,8 @@ static ARGPARSE_OPTS opts[] = {
"@"
#endif
/* end --disable-opensc */},
-
-
+ { oAllowAdmin, "allow-admin", 0, N_("allow the use of admin card commands")},
+ { oDenyAdmin, "deny-admin", 0, "@" },
{0}
};
@@ -397,6 +399,9 @@ main (int argc, char **argv )
case oDisableCCID: opt.disable_ccid = 1; break;
case oDisableOpenSC: opt.disable_opensc = 1; break;
+ case oAllowAdmin: opt.allow_admin = 1; break;
+ case oDenyAdmin: opt.allow_admin = 0; break;
+
default : pargs.err = configfp? 1:2; break;
}
}
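Review bot: The `oAllowAdmin` and `oDenyAdmin` cases make the last occurrence win, and the `configfp` test in the `default` case suggests the same switch handles both the config file and the command line. A later `--allow-admin` would then silently override an earlier `deny-admin`. If that precedence is intended, state it next to the cases, for example `/* Last one wins; with neither option given allow_admin stays 0 and admin commands are refused. */`. The default-deny behaviour relies on `opt` starting out zeroed, which this hunk does not show. The option loop in main starts and ends outside the hunk.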
diff --git a/scd/scdaemon.h b/scd/scdaemon.h
index 43c3189b3..e13377af7 100644
--- a/scd/scdaemon.h
+++ b/scd/scdaemon.h
@@ -57,6 +57,8 @@ struct {
const char *pcsc_driver; /* Library to access the PC/SC system. */
int disable_opensc; /* Disable the use of the OpenSC framework. */
int disable_ccid; /* Disable the use of the internal CCID driver. */
+ int allow_admin; /* Allow the use of admin commands for certain
+ cards. */
} opt;